That's the same thing you could say 25 years ago about putting your OS in ROM: "First, if there's a rootkit in the OS then you're screwed. Permanently. Second, if there's no rootkit in the OS but you still can reprogram the hardware then you are just as screwed as ever. Third, if there's a hardware vulnerability then there's no way you'll be able to work around it by updating the OS."
The microcontroller indirection is asking the vendor to put himself on the same level as their users. If the users cannot prepare updates, neither should the vendor. If the vendor can, so should the users.
Firmware is where a lot of interesting stuff happens for many network cards. Freedom of firmware is nowadays what freedom of OSes and drivers was when Stallman wrote the GNU manifesto. He won that front, why should he resign to vendors on this one?